package password_security;

public class password_strength {
	/*
	 * Password Strength by FCH
	 * Input: user's password
	 * Output: a boolean that verifying its strength
	 */
	public String pass;
    public static boolean passStrength(String pass) {
    	/*
    	 * length should be 8-64 (from OWASP in 2021).
    	 * upper and lower alphabet + numeral
    	 * special symbol: *, &, $, #, !, @
    	 */
    	String symbol = "*&$#!@";
    	if (pass.length() > 64 || pass.length() < 8) return false;
    	boolean bool_symbol = false;
    	boolean bool_upper = false;
    	boolean bool_lower = false;
    	boolean bool_num = false;
        for(int i = 0; i < pass.length(); i++) {
        	String s = pass.substring(i, i+1);
        	if (!bool_symbol) bool_symbol = symbol.contains(s);
        	if (!bool_upper) bool_upper = s.equals(s.toUpperCase());
        	if (!bool_lower) bool_lower = s.equals(s.toLowerCase());
        	if (!bool_num) bool_num = s.matches("-?\\d+");
        	if ((bool_symbol & bool_upper) & (bool_lower & bool_num)) return true;
        }
    	
    	return false;
    }
	public static void main(String args[]){
		// test
		String my_pass = "123456Aa!";
		boolean result = password_strength.passStrength(my_pass);
		System.out.println(result);
	}
}
